package integration.rbacapi.api.v1;

import io.confluent.rbacapi.entities.AuthorizeRequest;
import io.confluent.rbacapi.entities.MdsScope;
import io.confluent.rbacapi.retrofit.v1.V1RbacRestApi;
import io.confluent.rbacapi.retrofit.v1.V1RbacRetrofitFactory;
import io.confluent.security.authorizer.Action;
import io.confluent.security.authorizer.AuthorizeResult;
import io.confluent.security.authorizer.Operation;
import io.confluent.security.authorizer.ResourceType;
import io.confluent.security.authorizer.Scope;
import io.confluent.security.test.utils.RbacClusters;
import io.confluent.testing.TestIndependenceUtil;
import java.io.IOException;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import org.hamcrest.MatcherAssert;
import org.hamcrest.core.Is;
import org.testng.Assert;
import org.testng.annotations.AfterClass;
import org.testng.annotations.BeforeClass;
import org.testng.annotations.DataProvider;
import org.testng.annotations.Test;
import utils.KafkaConfigTool;
import utils.MdsTestUtil;
import utils.ScopeBuilder;

@Test(groups = {"classParallelTests"})
/* loaded from: input_file:integration/rbacapi/api/v1/AdminRolebindingGatekeepingTest.class */
public class AdminRolebindingGatekeepingTest {
    private static final String SUPER_USER = "superUser";
    private static final String NOBODY = "Tyler_Durden";
    private static final String USER_ADMIN_MDS = "user_admin_mds";
    private static final String USER_ADMIN_OTHER = "user_admin_other";
    private static final String SYSTEM_ADMIN_MDS = "system_admin_mds";
    private static final String SYSTEM_ADMIN_OTHER = "system_admin_other";
    private RbacClusters rbacClusters;
    private int actualMdsPort;
    private Scope mdsKafkaCluster;
    private final Map<String, V1RbacRestApi> apiClients = new HashMap();
    private final Scope otherCluster = ScopeBuilder.withKafka("someOtherKafkaCluster").build().scope();

    @BeforeClass
    public void setUp() throws Exception {
        List<String> asList = Arrays.asList(NOBODY, USER_ADMIN_MDS, USER_ADMIN_OTHER, SYSTEM_ADMIN_MDS, SYSTEM_ADMIN_OTHER);
        this.rbacClusters = new RbacClusters(KafkaConfigTool.justHash(SUPER_USER, (List<String>) asList));
        this.actualMdsPort = MdsTestUtil.lookupActualMdsPort(this.rbacClusters);
        this.mdsKafkaCluster = Scope.kafkaClusterScope(this.rbacClusters.metadataClusterId());
        for (String str : asList) {
            this.apiClients.put(str, V1RbacRetrofitFactory.build(MdsTestUtil.DEFAULT_HTTP_ADVERTISED_HOST, this.actualMdsPort, str));
        }
        V1RbacRestApi build = V1RbacRetrofitFactory.build(MdsTestUtil.DEFAULT_HTTP_ADVERTISED_HOST, this.actualMdsPort, SUPER_USER);
        this.apiClients.put(SUPER_USER, build);
        grantClusterRole(build, USER_ADMIN_MDS, "UserAdmin", this.mdsKafkaCluster);
        grantClusterRole(build, USER_ADMIN_OTHER, "UserAdmin", this.otherCluster);
        grantClusterRole(build, SYSTEM_ADMIN_MDS, "SystemAdmin", this.mdsKafkaCluster);
        grantClusterRole(build, SYSTEM_ADMIN_OTHER, "SystemAdmin", this.otherCluster);
    }

    private void grantClusterRole(V1RbacRestApi v1RbacRestApi, String str, String str2, Scope scope) throws IOException {
        Assert.assertTrue(v1RbacRestApi.addClusterRoleForPrincipal("User:" + str, str2, new MdsScope(scope)).execute().isSuccessful());
    }

    @AfterClass
    public void tearDown() {
        this.rbacClusters.shutdown();
        MdsTestUtil.releasePort(this.actualMdsPort);
    }

    /* JADX WARN: Type inference failed for: r0v1, types: [java.lang.Object[], java.lang.Object[][]] */
    @DataProvider(parallel = true)
    public Object[][] authorizeCallTestCases() {
        return new Object[]{new Object[]{AuthorizeResult.DENIED, NOBODY, "Topic", "pants", "Read", this.mdsKafkaCluster}, new Object[]{AuthorizeResult.DENIED, NOBODY, "SecurityMetadata", "*", "Alter", this.mdsKafkaCluster}, new Object[]{AuthorizeResult.DENIED, NOBODY, "Topic", "*", "AlterAccess", this.mdsKafkaCluster}, new Object[]{AuthorizeResult.DENIED, NOBODY, "Topic", "pants", "Read", this.otherCluster}, new Object[]{AuthorizeResult.DENIED, NOBODY, "SecurityMetadata", "*", "Alter", this.otherCluster}, new Object[]{AuthorizeResult.DENIED, NOBODY, "Topic", "*", "AlterAccess", this.otherCluster}, new Object[]{AuthorizeResult.DENIED, SUPER_USER, "Topic", "pants", "Read", this.mdsKafkaCluster}, new Object[]{AuthorizeResult.ALLOWED, SUPER_USER, "SecurityMetadata", "*", "Alter", this.mdsKafkaCluster}, new Object[]{AuthorizeResult.ALLOWED, SUPER_USER, "Topic", "*", "AlterAccess", this.mdsKafkaCluster}, new Object[]{AuthorizeResult.DENIED, SUPER_USER, "Topic", "pants", "Read", this.otherCluster}, new Object[]{AuthorizeResult.ALLOWED, SUPER_USER, "SecurityMetadata", "*", "Alter", this.otherCluster}, new Object[]{AuthorizeResult.ALLOWED, SUPER_USER, "Topic", "*", "AlterAccess", this.otherCluster}, new Object[]{AuthorizeResult.DENIED, USER_ADMIN_MDS, "Topic", "pants", "Read", this.mdsKafkaCluster}, new Object[]{AuthorizeResult.ALLOWED, USER_ADMIN_MDS, "SecurityMetadata", "*", "Alter", this.mdsKafkaCluster}, new Object[]{AuthorizeResult.ALLOWED, USER_ADMIN_MDS, "Topic", "*", "AlterAccess", this.mdsKafkaCluster}, new Object[]{AuthorizeResult.DENIED, USER_ADMIN_MDS, "Topic", "pants", "Read", this.otherCluster}, new Object[]{AuthorizeResult.DENIED, USER_ADMIN_MDS, "SecurityMetadata", "*", "Alter", this.otherCluster}, new Object[]{AuthorizeResult.DENIED, USER_ADMIN_MDS, "Topic", "*", "AlterAccess", this.otherCluster}, new Object[]{AuthorizeResult.DENIED, USER_ADMIN_OTHER, "Topic", "pants", "Read", this.mdsKafkaCluster}, new Object[]{AuthorizeResult.DENIED, USER_ADMIN_OTHER, "SecurityMetadata", "*", "Alter", this.mdsKafkaCluster}, new Object[]{AuthorizeResult.DENIED, USER_ADMIN_OTHER, "Topic", "*", "AlterAccess", this.mdsKafkaCluster}, new Object[]{AuthorizeResult.DENIED, USER_ADMIN_OTHER, "Topic", "pants", "Read", this.otherCluster}, new Object[]{AuthorizeResult.ALLOWED, USER_ADMIN_OTHER, "SecurityMetadata", "*", "Alter", this.otherCluster}, new Object[]{AuthorizeResult.ALLOWED, USER_ADMIN_OTHER, "Topic", "*", "AlterAccess", this.otherCluster}, new Object[]{AuthorizeResult.ALLOWED, SYSTEM_ADMIN_MDS, "Topic", "pants", "Read", this.mdsKafkaCluster}, new Object[]{AuthorizeResult.ALLOWED, SYSTEM_ADMIN_MDS, "SecurityMetadata", "*", "Alter", this.mdsKafkaCluster}, new Object[]{AuthorizeResult.ALLOWED, SYSTEM_ADMIN_MDS, "Topic", "*", "AlterAccess", this.mdsKafkaCluster}, new Object[]{AuthorizeResult.DENIED, SYSTEM_ADMIN_MDS, "Topic", "pants", "Read", this.otherCluster}, new Object[]{AuthorizeResult.DENIED, SYSTEM_ADMIN_MDS, "SecurityMetadata", "*", "Alter", this.otherCluster}, new Object[]{AuthorizeResult.DENIED, SYSTEM_ADMIN_MDS, "Topic", "*", "AlterAccess", this.otherCluster}, new Object[]{AuthorizeResult.DENIED, SYSTEM_ADMIN_OTHER, "Topic", "pants", "Read", this.mdsKafkaCluster}, new Object[]{AuthorizeResult.DENIED, SYSTEM_ADMIN_OTHER, "SecurityMetadata", "*", "Alter", this.mdsKafkaCluster}, new Object[]{AuthorizeResult.DENIED, SYSTEM_ADMIN_OTHER, "Topic", "*", "AlterAccess", this.mdsKafkaCluster}, new Object[]{AuthorizeResult.ALLOWED, SYSTEM_ADMIN_OTHER, "Topic", "pants", "Read", this.otherCluster}, new Object[]{AuthorizeResult.ALLOWED, SYSTEM_ADMIN_OTHER, "SecurityMetadata", "*", "Alter", this.otherCluster}, new Object[]{AuthorizeResult.ALLOWED, SYSTEM_ADMIN_OTHER, "Topic", "*", "AlterAccess", this.otherCluster}};
    }

    @Test(dataProvider = "authorizeCallTestCases")
    public void authorizeTest(AuthorizeResult authorizeResult, String str, String str2, String str3, String str4, Scope scope) throws Throwable {
        List list = (List) this.apiClients.get(str).authorize(new AuthorizeRequest("User:" + str, Collections.singletonList(new Action(scope, new ResourceType(str2), str3, new Operation(str4))))).execute().body();
        org.junit.Assert.assertNotNull(list);
        org.junit.Assert.assertEquals(1L, list.size());
        org.junit.Assert.assertEquals(authorizeResult, list.get(0));
    }

    /* JADX WARN: Type inference failed for: r0v1, types: [java.lang.Object[], java.lang.Object[][]] */
    @DataProvider(parallel = true)
    public Object[][] actuallyGrantingRolesTestCases() {
        return new Object[]{new Object[]{SUPER_USER, true, this.mdsKafkaCluster}, new Object[]{SUPER_USER, true, this.otherCluster}, new Object[]{USER_ADMIN_MDS, true, this.mdsKafkaCluster}, new Object[]{USER_ADMIN_MDS, false, this.otherCluster}, new Object[]{SYSTEM_ADMIN_MDS, true, this.mdsKafkaCluster}, new Object[]{SYSTEM_ADMIN_MDS, false, this.otherCluster}, new Object[]{USER_ADMIN_OTHER, false, this.mdsKafkaCluster}, new Object[]{USER_ADMIN_OTHER, true, this.otherCluster}, new Object[]{SYSTEM_ADMIN_OTHER, false, this.mdsKafkaCluster}, new Object[]{SYSTEM_ADMIN_OTHER, true, this.otherCluster}};
    }

    @Test(dataProvider = "actuallyGrantingRolesTestCases")
    public void rolebindingTest(String str, boolean z, Scope scope) throws IOException {
        MatcherAssert.assertThat(Boolean.valueOf(this.apiClients.get(str).addClusterRoleForPrincipal("User:" + ("testUser-" + TestIndependenceUtil.getUniqueInteger()), "Operator", new MdsScope(scope)).execute().isSuccessful()), Is.is(Boolean.valueOf(z)));
    }
}
